The following is some dialogue that I posted to the
DShield.org list last night, trying to figure out
why I was seeing these odd traceroute probes in my firewall
logs at home.
I post it here for two reasons:
[1] Does anyone have any experience with InterNAP's FCP-500
product? I was looking for some additional technical info beyond
what is on their web site. Contact me off-list, of course.
And,
[2] Just thought some of you might be interested. :-)
- ferg
-- Forwarded Message --
Just as an FYI follow-up to last night's e-mails
from me to on the list [subject line above], I received
this from InterNAP this morning. Though I'd share...
- feeg
-- Forwarded Message --
We have received the following notice regarding trace route traffic
originating from our network, so I thought I would give respond to give
you a bit of piece of mind. The packets you are seeing are actually a
very GOOD thing. Our datacenter employs a technology which tunes BGP
routing tables for outbound traffic to provide the highest performing
route path. On average, this shaves 35-40ms off the round-trip time for
network performance. The device which performs these operations is
called an Internap FCP-500. You can view more information at
http://www.internap.com/products/route-optimization.htm
Chances are, your public IP address was part of communication with our
datacenter. Since over 10,000 web sites are hosted in our center, it is
a very likely case that you accessed a web site, which then triggered
the performance platform to probe round-trip times via traditional trace
route and ping protocols. Once you communicate with the datacenter for
the first time, the device will continue to probe the pathway for
performance data periodically, and adjust routes accordingly.
The end result is, a better performing experience since the packets take
the best performing pathway through the Internet from the datacenter to
the end user.
Regards,
Susan Cook
Susan Cook | AUP Enforcement
[contact info elided]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Posted At: Wednesday, August 10, 2005 9:46 PM
Posted To: Data393 Abuse
Conversation: [ABUSE] Re: [Dshield] Dst. ports 33438, 33437
(64.95.255.255) [data393]
Subject: [ABUSE] Re: [Dshield] Dst. ports 33438, 33437 (64.95.255.255)
[data393]
Internap has received an abuse complaint related to the possible
distribution of unsolicited e-mail (spam) or a possible security
violation
from you or one of your customers. We are forwarding the complaint to
you
so that you may take appropriate measures to address the issue.
The purpose of this message is to inform you of a complaint we have
received as if you had received the complaint directly. We have not
verified the accuracy of the complaint nor is this an accusation that
the
said incident has occurred.
Internap will not embark upon any punitive action regarding spam or
security complaints without explicitly and formally contacting you
regarding a clear, verified complaint, or a pattern of abuse.
Please refer to http://www.internap.com/about/policies.html for
general questions regarding Internap's stance on spam or abuse. Please
direct any questions regarding this specific issue to
[EMAIL PROTECTED]
-- Forwarded message --
From: Fergie (Paul Ferguson) removed@netzero.net
Date: Thu, 11 Aug 2005 03:39:43 GMT
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Dshield] Dst. ports 33438, 33437
...and, now I see an adjacent port as well:
2005-08-10 21:21:48 -05:00 877446811 64.94.45.10
14484 67.64.90.x 33436 udp
64.94.45.10 -- fcp-2.chg.pnap.net
Hmmm.
OrgName: Internap Network Services
OrgID: PNAP
Address: 250 Williams Street
Address: Suite E100
City: Atlanta
StateProv: GA
PostalCode: 30303
Country: US
NetRange: 64.94.0.0 - 64.95.255.255
CIDR: 64.94.0.0/15
NetName: PNAP-05-2000
NetHandle: NET-64-94-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.PNAP.NET
NameServer: NS2.PNAP.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-06-05
Updated: 2002-06-17
TechHandle: INO3-ARIN
TechName: InterNap Network Operations Center
TechPhone: +1-877-843-4662
TechEmail: [EMAIL PROTECTED]
OrgAbuseHandle: IAC3-ARIN
OrgAbuseName: Internap Abuse Contact
OrgAbusePhone: +1-206-256-9500
OrgAbuseEmail: [EMAIL PROTECTED]
OrgTechHandle: INO3-ARIN
OrgTechName: InterNap Network Operations Center
OrgTechPhone: +1-877-843-4662
OrgTechEmail: [EMAIL PROTECTED]
# ARIN WHOIS database, last updated 2005-08-10 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Tracing to: 64.94.45.10
1 legacy26-0.default.csail.mit.edu (18.26.0.1) [AS3] 0 ms 0 ms 0 ms
2 kalgan.trantor.csail.mit.edu (128.30.0.245) [AS40] 0 ms 0 ms 0 ms
3 B24-RTR-2-CSAIL.MIT.EDU (18.4.7.1) [AS3] 90 ms 96 ms 2 ms
4
